With security breaches damaging the reputations of several major universities, Baylor U. was determined to protect the personal information of its students and faculty. Whole-disk encryption is doing the job.

The Problem:After a flurry of data breaches at several large
universities, Baylor University needed to ensure that primary
identification information for students and faculty stayed safe.

The Details:
More than 197,000 personal records were exposed
in a data security breach at the McCombs School of Business at
the University of Texas in April 2006. It was the school's second
such incident in three years, and one of a wave of such breaches
at academic institutions including UCLA, Northwestern and
Ohio University in the past two years alone.

As a result of heightened concern over data breaches, the
Lone Star State passed legislation requiring organizations to
notify individuals affected by a privacy breach and to take action
to resolve the problem. Until recently, many universities used
Social Security numbers as primary identifiers for student and
faculty information, according to Jon Allen, Baylor's information
security officer, who says the Waco university "switched
from using Social Security numbers as the primary identifier,
but a lot of old data was still stored that way." That, along with
the "huge migration" from desktops to laptops among students
and faculty, put the schoolwith a 735-acre campus home to
14,000 students and 1,500 faculty and staffat risk.

The Solution:Baylor chose PGP's Whole Disk Encryption
system, which it is rolling out to the university's fleet of laptops.
The product takes the responsibility for encrypting data and
maintaining secure data keys out of users' hands, Allen says. "The
whole-disk option provides real-time encryption from the disk
and you don't see significant degradation to the user," he adds.

File encryption systems are more than twice as common as
full-disk encryption software installations. But easily twice as
many organizations plan to deploy full-disk encryption as file
encryption in the next year, according to an August survey by
Aberdeen Group. "Year-over-year growththat is, planned use
vs. current usewas 74 percent for full-disk encryption vs. 18
percent for file encryption," says Derek Brink, vice president
and research director for IT security at Aberdeen Group.

Doug Bartholomew is a career journalist who has covered information technology for more than 15 years. A former senior editor at IndustryWeek and InformationWeek, his freelance features have appeared in New York magazine and the Los Angeles Times Magazine. He has a B.S. in Journalism from Northwestern University.